Shawn Q Jackson gt50

View GitHub Profile
@gt50
gt50 / pacs.conf
Created October 24, 2014 02:09
pacs.conf
input {
  tcp {
    type => "pacs"
    port => 3517
  }
}
filter {
  if [type] == "pacs" {
    grok {
      match => ["message", "%{TIMESTAMP_ISO8601:timestamp} %{WORD:loglevel} %{SYSLOG5424SD:logsource} \(Import:%{GREEDYDATA:studyuid}\) %{GREEDYDATA:action} Patient:%{GREEDYDATA:patienname}, PatientID:%{GREEDYDATA:patientid}, IPID:%{WORD:ipid}, Modality:%{WORD:modality}, Accession:%{WORD:accession}, StudyDate:%{YEAR:dosyear}%{MONTHNUM:dosmonth}%{MONTHDAY:dosday}"]
gt50 / windowseventlog.conf
Created October 24, 2014 02:10
windowseventlog.conf for logstash
input {
  tcp {
    type => "WindowsEventLog"
    port => 3516
    codec => json {
      charset => [ "CP1252" ]
    }
  }
}
filter {
gt50 / netflow.conf
Created October 24, 2014 02:11
netflow.conf for logstash (not working with ASA)
input {
  udp {
    port => 6343
    codec => netflow { versions => [ 5, 9] }
    type => "netflow"
  }
}
output {
  if [type] == "netflow" {
    elasticsearch { host => localhost }
gt50 / iis.conf
Created October 24, 2014 02:11
iis.conf for logstash
input {
  tcp {
    type => "iis"
    port => 3515
  }
}
filter {
  if [type] == "iis" {
    grok {
      #match => ["message", "%{TIMESTAMP_ISO8601:timestamp} %{IPORHOST:hostip} %{WORD:method} %{URIPATH:page} %{NOTSPACE:query} %{NUMBER:port} %{NOTSPACE:username} %{IPORHOST:clientip} %{NOTSPACE:useragent} %{NOTSPACE:referrer} %{NUMBER:response} %{NUMBER:subresponse} %{NUMBER:scstatus} %{NUMBER:timetaken}"]
gt50 / cisco-asa.conf
Created October 24, 2014 02:12
cisco asa conf for logstash
input {
  syslog {
    port => 5140
    type => "cisco-asa"
  }
}
filter {
  if [type] == "cisco-asa" {
    # Split the syslog part and Cisco tag out of the message
gt50 / nxlog.conf
Created October 24, 2014 02:13
nxlog.conf for pacs
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
gt50 / nxlog.conf
Created October 24, 2014 02:14
nxlog.conf for iis
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
gt50 / gist:2699ee03ce253a32d979
Created August 3, 2015 20:52
Xencenter connection fail with Windows 10
# XenCenter could not connect to some of my XenServers today. This is an issue with Windows 10 and 512-bit certificates for old versions of XenServer.
# My recently built servers have 1024-bit certs. My old servers that have been upgraded several times had 512-bit certs from their original installations.
# All of my servers are running 6.5, so generate_ssl_cert is already set to a 1024 default. If you are using an older version, modify the script.
# View the strength of the certificate. If it is 512, it needs to be rebuilt to allow connection from Windows 10.
openssl x509 -in /etc/xensource/xapi-ssl.pem -text
mv /etc/xensource/xapi-ssl.pem xapi-ssl.pem.orig
# By default, XenServer uses the IP address for the container name on the certificate
/opt/xensource/libexec/generate_ssl_cert /etc/xensource/xapi-ssl.pem 10.1.2.42
xe-toolstack-restart
gt50 / gist:1fecbdcfe1d2b45d5469
Last active August 28, 2015 04:24
How to get async calls in order?
var http = require('http');
var urls = process.argv.slice(2);
var responses = process.argv.slice(2);
var completedReqests = 0;
for (var i = 0; i < urls.length; i++) {
  http.get(urls[i], (function (i) {
    return function (response) {
      var webData = '';
gt50 / foreman06142016
Last active June 14, 2016 19:08
Foreman install on CentOS 7
Foreman 1.12 and Puppet 4 could not complete installation using CentOS 7, Ubuntu 16.04 or Debian 8 for me. The first successful install I managed was on CentOS 7 using Puppet 3 and Foreman 1.11. Foreman 1.12 is only one week old, so I am sure the problem will be resolved soon.
Install CentOS 7 with a static IP and make sure ping $(hostname -f) is pinging the IP address of the interface and not loopback.
rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
yum -y install epel-release https://yum.theforeman.org/releases/1.11/el7/x86_64/foreman-release.rpm
yum -y install foreman-installer
foreman-installer
systemctl stop firewalld
systemctl disable firewalld